Report Open Access

Gotham Remote Logins Monitoring System

Dhar, Mrinal; Brillault, Vincent


MARC21 XML Export

<?xml version='1.0' encoding='UTF-8'?>
<record xmlns="http://www.loc.gov/MARC21/slim">
  <leader>00000nam##2200000uu#4500</leader>
  <datafield tag="653" ind1=" " ind2=" ">
    <subfield code="a">CERN openlab summer student</subfield>
  </datafield>
  <controlfield tag="005">20190410034728.0</controlfield>
  <controlfield tag="001">155316</controlfield>
  <datafield tag="700" ind1=" " ind2=" ">
    <subfield code="u">Summer Student Supervisor</subfield>
    <subfield code="a">Brillault, Vincent</subfield>
  </datafield>
  <datafield tag="856" ind1="4" ind2=" ">
    <subfield code="s">637589</subfield>
    <subfield code="z">md5:d94cc43e962ea1264a0938d5894c5301</subfield>
    <subfield code="u">https://zenodo.org/record/155316/files/MrinalDhar2016.pdf</subfield>
  </datafield>
  <datafield tag="542" ind1=" " ind2=" ">
    <subfield code="l">open</subfield>
  </datafield>
  <datafield tag="260" ind1=" " ind2=" ">
    <subfield code="c">2016-09-26</subfield>
  </datafield>
  <datafield tag="909" ind1="C" ind2="O">
    <subfield code="p">openaire</subfield>
    <subfield code="p">user-cernopenlab</subfield>
    <subfield code="o">oai:zenodo.org:155316</subfield>
  </datafield>
  <datafield tag="100" ind1=" " ind2=" ">
    <subfield code="u">CERN openlab Summer Student</subfield>
    <subfield code="a">Dhar, Mrinal</subfield>
  </datafield>
  <datafield tag="245" ind1=" " ind2=" ">
    <subfield code="a">Gotham Remote Logins Monitoring System</subfield>
  </datafield>
  <datafield tag="980" ind1=" " ind2=" ">
    <subfield code="a">user-cernopenlab</subfield>
  </datafield>
  <datafield tag="540" ind1=" " ind2=" ">
    <subfield code="u">http://creativecommons.org/licenses/by/4.0/legalcode</subfield>
    <subfield code="a">Creative Commons Attribution 4.0 International</subfield>
  </datafield>
  <datafield tag="650" ind1="1" ind2="7">
    <subfield code="a">cc-by</subfield>
    <subfield code="2">opendefinition.org</subfield>
  </datafield>
  <datafield tag="520" ind1=" " ind2=" ">
    <subfield code="a">&lt;p&gt;Project Specification&lt;/p&gt;

&lt;p&gt;In order to detect abused credentials, CERN is running a remote login monitoring system, called Gotham. This system compares, for each user, the location of remote logins with the user’s past behaviour, notifying them of any new location. Unfortunately, the design and code used by this system are outdated and require a complete rewrite.&lt;/p&gt;

&lt;p&gt;The requirements of this project are:&lt;/p&gt;

&lt;p&gt; Build a system with the same features as the existing one, but without any dependency on old CERN libraries (e.g. perl-LC), which would include:&lt;/p&gt;

&lt;p&gt;◦ Pulling data from a login database (running an hourly cron-job)&lt;/p&gt;

&lt;p&gt;◦ Enriching the data with geolocation and domains&lt;/p&gt;

&lt;p&gt;◦ Support for whitelisting, in particular for CERN IPs&lt;/p&gt;

&lt;p&gt;◦ Maintaining a ‘known location’ database&lt;/p&gt;

&lt;p&gt; Build a Command Line Interface (CLI) for administrator to manually list or remove locations for users&lt;/p&gt;

&lt;p&gt; Add support for IPv6 (currently unsupported)&lt;/p&gt;

&lt;p&gt; Design a new system running in real-time streaming mode (instead of using an hourly cron-job) by running the code in an Apache Spark (http://spark.apache.org/) cluster and pulling data from Apache Kafka (http://kafka.apache.org/). Special care should be taken to ensure that no data is lost in case of crashes.&lt;/p&gt;

&lt;p&gt;In addition, extensions of this project can be considered:&lt;/p&gt;

&lt;p&gt; A SSO-enabled web front-end, allowing CERN users (and the CERN Computer Security Team) to review their known login locations.&lt;/p&gt;

&lt;p&gt; Reviewing the current location definition and evaluate alternatives. For example using ‘ISPs’ instead of ‘Organisations’, using ‘City’ geolocalization, etc&lt;/p&gt;

&lt;p&gt;Abstract&lt;/p&gt;

&lt;p&gt;This project aims to completely rewrite the Gotham Remote Logins Monitoring System currently in use at CERN. The existing system has been written in Perl, and it makes use of some very old CERN libraries that make the system difficult to maintain. Python is a modern, widely used, high-level, interpreted programming language and, as a result, was chosen as the programming language for this project. A number of well-maintained open source Python libraries have been used for the purposes of this project, drastically decreasing the chances of security flaws in the libraries and thus simplifying the project maintenance. Apart from the equivalent functionality that was achieved with respect to the earlier version of Gotham, a number of new features have been added, such as real-time processing of input login streams, a web-based frontend to be integrated with the central account management page at CERN, and a REST API for accessing previous login information from other applications.&lt;/p&gt;</subfield>
  </datafield>
  <datafield tag="024" ind1=" " ind2=" ">
    <subfield code="a">10.5281/zenodo.155316</subfield>
    <subfield code="2">doi</subfield>
  </datafield>
  <datafield tag="980" ind1=" " ind2=" ">
    <subfield code="a">publication</subfield>
    <subfield code="b">report</subfield>
  </datafield>
</record>